DETAILED ACTION
Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 16
March 2006 has been entered.

2. Claims 1-4, 6-36 and 38-66 remain pending. 

Specification 

The title of the invention is not descriptive. A new title is required that is clearly 
indicative of the invention to which the claims are directed. The following title is 
suggested: Filtering apparatus, method and computer program product used to detect 
illegal accesses between a client and a server. 

Claim Rejections - 35 USC §112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite
for failing to particularly point out and distinctly claim the subject matter which applicant
regards as the invention.

5. Claim 1 recites the limitation "the request" in line 16 of the claim. There is
insufficient antecedent basis for this limitation in the claim. Examiner assumes "the 
request" refers to "the access request". Appropriate correction is required. 

6. Claim 1 recites the limitation "determination result" in line 14 of the claim. There 
is insufficient antecedent basis for this limitation in the claim. Examiner assumes this 
instance of "determination result" refers to the "determination result" in lines 11-12. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claim 65 is rejected under 35 U.S.C. 101 because the claimed invention is directed to
non-statutory subject matter. Claim 65 recites the use of "A computer program
containing instructions" but nowhere does the claim recite the computer program being
tangibly embodied upon a computer readable medium. Due to the fact that the
computer program is not embodied upon a tangible embodiment of any kind, the claim
is not limited to statutory subject matter and is therefore non-statutory. Appropriate
correction is required. See MPEP 706.03(a) and 2106.

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 1, 2, 33, 34, 65, 66 and 67 are rejected under 35 U.S.C. 102(e) as being
anticipated by Howard et al. (US 7,051,368 B1), hereinafter referred to as Howard. 

10. Regarding claim 1, Howard discloses a filtering apparatus which is interposed 
between a client and a server providing a service in accordance with each of access 
requests from the client, and which transmits only a legal access request among the 
access requests to the server, the filtering apparatus comprising: 

an illegal pattern database which stores patterns of illegal accesses to the server 
(col. 8, ll. 24-30, Howard discloses the use of a memory location containing one or more
patterns that have been defined and make up a pattern collection); 

a pattern estimation unit which estimates legality of an access request based on 
the illegal access patterns stored in the illegal pattern database and on a predetermined 
pattern estimation rule (col. 8, line 66 - col. 9, line 20, Howard teaches the evaluation of 
input strings to determine the presence of input strings.); 

a pattern determination unit which determines whether each access request is to 
be transmitted to the server based on the estimation by the pattern estimation unit and 
on a predetermined pattern determination rule, the pattern determination unit producing
a determination result (col. 8, ll. 21-23, Howard teaches that if it is determined that
attack patterns are present, then remedial actions are taken as necessary to eliminate
risks to the server system).

a transmission unit which controls transmission of the access request based on
determination result of the pattern determination unit so as to transmit the access 
request to the server when the access request is estimated to be legal, and so as to 
reject transmission of the access request to the server and so as to abandon the 
request when the access request is estimated to be illegal (col. 7, ll. 36-58, Howard
teaches that if no attack patterns have been found, then processing continues as 
normal and if it is determined that the input string contains attack pattern(s) then 
remedial action is taken, including the denial of a request altogether from the client to 
the server.). 

11. Claims 33, 65, 66 and 67 contain similar subject matter and are rejected under
the same rationale as independent claim 1.

12. Regarding claim 2, Howard discloses the filtering apparatus wherein 

the pattern estimation unit estimates that each of the access requests is an illegal 
access if the access request corresponds to any one of the illegal access patterns 
stored in the illegal pattern database, and estimates that the access request is a legal 
access if the access request does not correspond to any one of the illegal access 
patterns stored in the illegal pattern database (col. 8, ll. 21-23, Howard teaches that if it
is determined that attack patterns are present, then remedial actions are taken as 
necessary to eliminate risks to the server system); and 

the pattern determination unit determines that the access request estimated as 
the illegal access by the pattern estimation unit is not to be transmitted to the server, 
and determines that the access request estimated as the legal access by the pattern
estimation unit is to be transmitted to the server (col. 8, ll. 21-23, Howard teaches that if
it is determined that attack patterns are present, then remedial actions are taken as 
necessary to eliminate risks to the server system). 

13. Claim 34 contains similar subject matter and is rejected under the same rationale 
as claim 2. 

Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

15. This application currently names joint inventors. In considering patentability of
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of
the various claims was commonly owned at the time any inventions covered therein
were made absent any evidence to the contrary. Applicant is advised of the obligation
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g)
prior art under 35 U.S.C. 103(a).

16. Claims 3, 4, 6-19, 26-30, 35, 36, 38-51, 58-62 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Howard in view of Carter et al. (US 2003/0051026), 
hereinafter referred to as Carter.

17. In regards to claims 3 and 35, Howard does not explicitly teach of wherein the
pattern estimation unit calculates a predetermined estimation value according.... Carter
teaches on this aspect (Paragraph [0006] and [0447]). One of ordinary skill in the art at
the time of invention would have been motivated to make the above mentioned
modifications for the reasons discussed in Carter, Paragraph [0005].

18. In regards to claim 4 and 36, Howard teaches about a legal pattern database 
which stores ... and a predetermination unit which predetermines whether each of the 
access requests corresponds... (col. 7, ll. 36-58). Howard does not explicitly teach of
wherein the pattern estimation unit estimates the legality of only the access request 
determined not to correspond to any one of the legal access patterns by the 
predetermination unit. Carter teaches on this aspect (Paragraph [0006]). One of
ordinary skill in the art at the time of invention would have been motivated to make the
above mentioned modifications for the reasons discussed in Carter, Paragraph [0005].

19. In regards to Claims 16 and 48, Howard does not explicitly teach of an external
transmission unit which transmits each of the access requests determined not to be
transmitted to the server by the pattern determination unit, to a predetermined external
device based on a predetermined external transmission rule. Carter implicitly teaches
on this aspect (Paragraph [0006], lines 17-19). One of ordinary skill in the art at the time
of invention would have been motivated to make the above mentioned modifications for
the reasons discussed in Carter, Paragraph [0005].

20. In regards to Claims 6, 17 and 38, 49, Howard teaches about a storage unit (Fig. 4)
which stores each of the access requests (Fig. 4).

21. In regards to Claims 7, 18-19 and 39, 50-51, Howard teaches the need for an
update unit which updates the illegal pattern database (col. 7, ll. 24-26).

22. In regards to Claims 8 and 40, Howard teaches about an access request
transmission unit which transmits, as a legal access request, (col. 7, ll. 36-58) but does
not explicitly teach of only the access request determined to be transmitted to the server
by the pattern and statistic determination units, to the server statistically illegal request
database .... from the statistic of the access requests for the server; a statistic
estimation unit ... a statistic determination unit; Carter implicitly teaches on these
aspects. Carter teaches of using statistical analysis to detect anomalous events (Page
58, 2nd Col, Claim 20). One of ordinary skill in the art at the time of invention would
have been motivated to make the above mentioned modifications for the reasons
discussed in Carter, Paragraph [0005].

23. In regards to Claims 9-11 and 41-43, Howard does not explicitly teach of the
statistically illegal request database stores transmitting end information on the clients
each of which issues access requests.... stores request contents of the access
requests.... and determines that the access request estimated as the legal access by
the statistic estimation unit is to be transmitted to the server. Carter teaches on these
aspects (Page 58, 2nd Col, Claim 20, Paragraph [0205, 0204, 0216]). Motivation is same
as discussed in Claim 8.

24. In regards to claims 12 and 44 Howard does not explicitly teach the statistically 
illegal request database stores transmitting end information on the clients.... calculates 
a predetermined estimation value according to a degree to which the transmitting end...
Carter teaches on these aspects (Paragraph [0204-0205, 0216, 0006]). Motivation is
same as discussed in Claim 8. 

25. In regards to claims 13-15 and 45-47, Howard teaches about estimating the
legality of access request (col. 7, ll. 36-58) but does not explicitly teach of statistic
estimation... Carter implicitly teaches on these aspects (Page 58, 2nd Col, Claim 20). It
should be noted that Carter is explicit about detecting anomalous; however it would
have been obvious to one of ordinary skill in the art at the time of invention to extend his
invention so that the statistical analysis can correspond to legal access request as well
based on what is taught by Carter in Paragraph [0183]. Motivation is same as discussed
in Claim 8.

26. In regards to claims 26-29 and 58-61 Howard does not explicitly teach of an 
access request decryption step of decrypting... the access request which has been 
subjected to the predetermined encryption processing. Carter teaches on these aspects 
(Paragraph [0225-0226]). Motivation is same as discussed in Claim 8.

27. In regards to claims 30 and 62 Howard implicitly teaches of a pseudo-response 
database which stores pseudo-responses corresponding to the patterns of the illegal 
accesses to the server... (Figure 4). 

28. Claims 31-32 and 63-64 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Howard as applied to claims 1 and 33 above, and further in view of 
Carter and Cahill (US 6535855). 

29. In regards to claims 31 and 63 Howard does not explicitly teach of decoy unit 
which receives the access requests each of... Cahill teaches on these aspects (Col 12,
lines 50-55, Col 13, lines 20-35). One of ordinary skill in the art at the time of invention
would have been motivated to make the above-mentioned modifications for the reasons 
discussed in Carter (Paragraph [0026]). 

30. In regards to claims 32 and 64 Howard implicitly teaches of a pseudo-response 
database which stores pseudo-responses corresponding to the patterns of the illegal 
accesses ... and a pseudo-response transmission unit which transmits the
pseudo-responses created by the pseudo-response (Fig. 4). Howard does not explicitly teach of
a decoy unit which receives the access requests which do not correspond to the illegal 
access patterns stored in the pseudo-response database... Carter teaches of access 
request which do not correspond to the illegal access patterns (Col 9, lines 30-65) and 
Cahill teaches of a decoy unit (Col 13, lines 20-25). Motivation is the same as discussed 
in Claims 8 and Claim 17. 

31. Claims 20-21 and 52-53 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Howard as applied to claim 1 and 33 above, and further in view of 
Kashani (US 2002/0165894) and Birrel et al. (US 2003/0135555 A1). 

32. In regards to Claims 20-21 and 52-53, Howard teaches about a database which
stores patterns of illegal request (col. 7, ll. 36-58) but does not explicitly teach of illegal
responses. Kashani teaches on this aspect (Paragraph [0120]). One of ordinary skill in 
the art at the time of invention would be motivated to make the above-mentioned 
modifications for the reasons discussed in an analogous art (Birrel, Paragraph [0004]).

33. Claims 22-25 and 54-57 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Howard as applied to claims 1 and 33 above, and further in view of 
Carter and Kashani. 

34. In regards to claims 22-25 and 54-57, Howard does not explicitly teach about
illegal response database threshold value.... external transmission unit.... storage of
response that is not transmitted.... and update unit. Carter teaches on threshold value
(Paragraph [0006, 0218]).... external transmission unit (Paragraph [0006]).... storage of
information that is not transmitted (Paragraph [0006]) that is not transmitted.... and
update unit (Paragraph [0253]) but does not explicitly teach about illegal responses.
Kashani teaches on this aspect (Paragraph [0120]). Motivation is the same as
discussed in Claim 8 and Claim 20.

Response to Arguments 

35. Applicant's arguments with respect to the claims have been considered but are 
moot in view of the new ground(s) of rejection. 

Conclusion 

36. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Cunningham et al. (US 6,219,786 B1) discloses a method and system for monitoring 
and controlling network access. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Benjamin A. Ailes whose telephone number is
(571)272-3899. The examiner can normally be reached on M-F 6:30-4, IFP Work Schedule.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Andrew Caldwell can be reached on (571)272-3868. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.